2024-04-22_ee7b2ae7f0b64d72a1bef7d7d5592710_mafia

Sharing

Copy URL Twitter E-mail

General

Target

2024-04-22_ee7b2ae7f0b64d72a1bef7d7d5592710_mafia
Size

870KB
MD5

ee7b2ae7f0b64d72a1bef7d7d5592710
SHA1

19ec528536928e0e88a18f830b762e8102ff7213
SHA256

be2e486594543ee1cbba04a2e7f41436b309a548a6a8ed47930020c6d1a3c4b0
SHA512

a8ec442187f5b07f2574bd50946eba0d0ada64681a3ca74b981e6dbaf63ac71b9d82c1b8d33fb77d8caf14e7c77c98bf24246464809848ab7ad0993986b54774
SSDEEP

12288:tEjcX9eBhrIcubGB81kNGj1cZGHFvlI3H1+vzsOu+VMv4v2PZeME/uVZFWw6Obsz:WvrIZbf1PcZGHpm3H1IsOu+u9PvfZ

Score

1^/10

Malware Config

Signatures

Files

2024-04-22_ee7b2ae7f0b64d72a1bef7d7d5592710_mafia
.exe windows:5 windows x86 arch:x86

1e6c0238316c3b94014ffdb931eb1eba

Code Sign

03:75:e1:51:05:48:b2:48:24:2e:e5:08:59:ae:1e:88
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

09/12/2013, 00:00

Not After

11/12/2014, 12:00

Subject

CN=Oculus VR\, Inc.,O=Oculus VR\, Inc.,L=Irvine,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:15:85:62:13:b0:c0:21:bb:7b:8c:ae:c0:c6:69:c4:b4:7e:a2:6a
Signer

Actual PE Digest

1e:15:85:62:13:b0:c0:21:bb:7b:8c:ae:c0:c6:69:c4:b4:7e:a2:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wtsapi32

WTSRegisterSessionNotification
WTSQuerySessionInformationW
WTSFreeMemory
WTSUnRegisterSessionNotification

setupapi

SetupDiGetClassDevsA
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

winmm

timeGetTime
timeEndPeriod
timeBeginPeriod

kernel32

SetStdHandle
GetLastError
CreateMutexA
Sleep
OutputDebugStringA
GetConsoleMode
GetStdHandle
InterlockedExchange
InterlockedExchangeAdd
EnterCriticalSection
LeaveCriticalSection
GetTickCount
InterlockedCompareExchange
CreateSemaphoreW
CreateMutexW
CloseHandle
WaitForSingleObject
ReleaseSemaphore
ReleaseMutex
CreateEventW
ResetEvent
SetEvent
RaiseException
GetCurrentThreadId
SuspendThread
SetThreadPriority
SetThreadAffinityMask
GetCurrentThread
GetModuleHandleW
GetVersionExA
InitializeCriticalSection
GetProcAddress
LoadLibraryW
DeleteCriticalSection
DeviceIoControl
DisableThreadLibraryCalls
GetModuleHandleA
CreateFileW
QueryPerformanceFrequency
QueryPerformanceCounter
FormatMessageW
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
LocalFree
CreateFileMappingA
CreateDirectoryW
GetFileAttributesW
WideCharToMultiByte
WriteConsoleW
lstrlenW
VirtualProtect
VirtualQuery
LoadLibraryA
CreateFileA
CancelIo
FreeLibrary
GetOverlappedResult
ReadFile
WaitForMultipleObjects
SetErrorMode
GetCurrentProcessId
CreateWaitableTimerW
GetStringTypeW
LCMapStringW
MultiByteToWideChar
FlushFileBuffers
GetConsoleCP
SetFilePointer
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
HeapSize
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
UnhandledExceptionFilter
HeapCreate
InterlockedDecrement
SetLastError
InterlockedIncrement
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
GetProcessHeap
SetEndOfFile
CompareStringW
SetEnvironmentVariableA
GetStartupInfoW
HeapAlloc
HeapSetInformation
GetCommandLineA
EncodePointer
OutputDebugStringW
FreeEnvironmentStringsW
GetModuleFileNameA
ExitProcess
SetUnhandledExceptionFilter
GetModuleFileNameW
WriteFile
HeapReAlloc
HeapFree
RtlUnwind
ExitThread
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
CreateThread
DecodePointer

user32

DestroyWindow
DispatchMessageW
GetMessageW
TranslateMessage
SetWinEventHook
CreateWindowExA
RegisterClassExA
GetClientRect
UnhookWinEvent
EnumDisplayDevicesW
EnumDisplayMonitors
GetMonitorInfoW
MsgWaitForMultipleObjects
PeekMessageW
UnregisterClassW
PostMessageW
UnregisterDeviceNotification
KillTimer
GetForegroundWindow
GetWindowThreadProcessId
PostQuitMessage
DefWindowProcW
PostMessageA
SetTimer
GetWindowLongW
GetWindowRect
CreateWindowExW
GetDC
ReleaseDC
GetActiveWindow
LoadIconW
LoadCursorW
RegisterClassW
SetWindowLongW
SetWindowPos
UpdateWindow
RegisterDeviceNotificationW

gdi32

SwapBuffers

advapi32

RegSetKeyValueA
RegQueryValueExA
ConvertStringSecurityDescriptorToSecurityDescriptorA
RegOpenKeyExA
RegCloseKey
ReportEventA
DeregisterEventSource
RegisterEventSourceA

shell32

SHGetFolderPathW

ole32

CoInitializeEx
CoInitializeSecurity
CoCreateInstance
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantClear

ws2_32

WSAStartup
WSACleanup
closesocket
freeaddrinfo
getaddrinfo
setsockopt
ioctlsocket
bind
socket
htonl
listen
WSAGetLastError
connect
send
select
__WSAFDIsSet
recv
accept
getsockname

dbghelp

ImageDirectoryEntryToData

Sections

.text
Size: 510KB - Virtual size: 510KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 279KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1e6c0238316c3b94014ffdb931eb1eba

Code Sign

03:75:e1:51:05:48:b2:48:24:2e:e5:08:59:ae:1e:88Certificate

Extended Key Usages

Key Usages

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5fCertificate

Extended Key Usages

Key Usages

1e:15:85:62:13:b0:c0:21:bb:7b:8c:ae:c0:c6:69:c4:b4:7e:a2:6aSigner

Headers

DLL Characteristics

File Characteristics

Imports

wtsapi32

setupapi

winmm

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

ws2_32

dbghelp

Sections

.text Size: 510KB - Virtual size: 510KB

.rdata Size: 279KB - Virtual size: 278KB

.data Size: 25KB - Virtual size: 36KB

.rsrc Size: 512B - Virtual size: 448B

.reloc Size: 50KB - Virtual size: 49KB

03:75:e1:51:05:48:b2:48:24:2e:e5:08:59:ae:1e:88
Certificate

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

1e:15:85:62:13:b0:c0:21:bb:7b:8c:ae:c0:c6:69:c4:b4:7e:a2:6a
Signer

.text
Size: 510KB - Virtual size: 510KB

.rdata
Size: 279KB - Virtual size: 278KB

.data
Size: 25KB - Virtual size: 36KB

.rsrc
Size: 512B - Virtual size: 448B

.reloc
Size: 50KB - Virtual size: 49KB